Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS an Win 2k3 AD attribute mapping


I have a problem with 802.1x (PEAP) authentication for wired clients. If the option "Log On To" in AD is enabled, authentication failed. Without this option everything works fine.

I suspect that I'm missing something in ACS configuration which uses AD as external database.

Which ACS attribute corresponds to "Log On To" option in AD?


New Member

Re: ACS an Win 2k3 AD attribute mapping

Is the external database configuration for the Windows database set up correctly?

Can you successfully use the AD credentials to log in via a plane text password, such as logging into a router?

Are the users statically configured? If so, they will need to have their password type set to "Windows Database".

Or, are you using the Unknown User configuration? If so, is that properly configured to use the Windows database?

New Member

Re: ACS an Win 2k3 AD attribute mapping


I'm using AD as external database only for PC clients. Users are mapped to groups on ACS. Problem arise only with option "Log On To" in AD which restricts users to login only on specific machines.

If this option is disabled everything works great. Even changing password from PC.

So I think that AD waits for some other attribute except domain/user/pass, but I can't figured it out which.

CreatePlease to create content